njrat | 3e5a71464266a3d47d3791930686b9709f85d718e33187f87d0648b0ef40c5cb | Triage

Sharing

General

Target

3e5a71464266a3d47d3791930686b9709f85d718e33187f87d0648b0ef40c5cbN
Size

43KB
Sample

241029-nhj2cawldp
MD5

a7b79328fc372155fa7775d5bd5d9850
SHA1

e5e83cc77d4bcfdf65f03b9516323e438227b6d1
SHA256

3e5a71464266a3d47d3791930686b9709f85d718e33187f87d0648b0ef40c5cb
SHA512

eaa6f6e8c8608477b7365f93e98518e39b02ae71cc813502de8a71ba87ed656cfb6f198a8989d2942503e5b11e85fd83eefd29c09c299c98662b7c45b358d5b1
SSDEEP

384:lZyWvHn1iDcsyEqtBfkEGCOEhGyOEtzcIij+ZsNO3PlpJKkkjh/TzF7pWno/greT:v9HnU4pEqtNkE5SyZuXQ/oR3+L

Score

10^/10

njrat hacked discovery trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  3e5a71464266a3d47d3791930686b9709f85d718e33187f87d0648b0ef40c5cbN
- Size
  
  43KB
- MD5
  
  a7b79328fc372155fa7775d5bd5d9850
- SHA1
  
  e5e83cc77d4bcfdf65f03b9516323e438227b6d1
- SHA256
  
  3e5a71464266a3d47d3791930686b9709f85d718e33187f87d0648b0ef40c5cb
- SHA512
  
  eaa6f6e8c8608477b7365f93e98518e39b02ae71cc813502de8a71ba87ed656cfb6f198a8989d2942503e5b11e85fd83eefd29c09c299c98662b7c45b358d5b1
- SSDEEP
  
  384:lZyWvHn1iDcsyEqtBfkEGCOEhGyOEtzcIij+ZsNO3PlpJKkkjh/TzF7pWno/greT:v9HnU4pEqtNkE5SyZuXQ/oR3+L
Score

10^/10

njrat hacked discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverytrojan

behavioral2

njrathackeddiscoverytrojan